Hi @edwinbos. Thank you for your report.
To help us process this issue please make sure that you provided the following information:

• [ ] Summary of the issue
• [ ] Information on your environment
• [ ] Steps to reproduce
• [ ] Expected and actual results

Please make sure that the issue is reproducible on the vanilla Magento instance following Steps to reproduce. To deploy vanilla Magento instance on our environment, please, add a comment to the issue:

@magento-engcom-team give me $VERSION instance

where $VERSION is version tags (starting from 2.2.0+) or develop branches (for example: 2.3-develop).
For more details, please, review the Magento Contributor Assistant documentation.

@edwinbos do you confirm that you was able to reproduce the issue on vanilla Magento instance following steps to reproduce?

• [ ] yes
• [ ] no

Hi @engcom-backlog-nazar. Thank you for working on this issue.
In order to make sure that issue has enough information and ready for development, please read and check the following instruction: :point_down:

• [x] 1. Verify that issue has all the required information. (Preconditions, Steps to reproduce, Expected result, Actual result).
  Details

  If the issue has a valid description, the label Issue: Format is valid will be added to the issue automatically. Please, edit issue description if needed, until label Issue: Format is valid appears.

• [x] 2. Verify that issue has a meaningful description and provides enough information to reproduce the issue. If the report is valid, add Issue: Clear Description label to the issue by yourself.

• [x] 3. Add Component: XXXXX label(s) to the ticket, indicating the components it may be related to.

• [x] 4. Verify that the issue is reproducible on 2.3-develop branch

  Details

  - Add the comment @magento-engcom-team give me 2.3-develop instance to deploy test instance on Magento infrastructure.
  - If the issue is reproducible on 2.3-develop branch, please, add the label Reproduced on 2.3.x.
  - If the issue is not reproducible, add your comment that issue is not reproducible and close the issue and _stop verification process here_!
  

• [x] 5. Verify that the issue is reproducible on 2.2-develop branch.

  Details

  - Add the comment @magento-engcom-team give me 2.2-develop instance to deploy test instance on Magento infrastructure.
  - If the issue is reproducible on 2.2-develop branch, please add the label Reproduced on 2.2.x

• [x] 6. Add label Issue: Confirmed once verification is complete.

• [x] 7. Make sure that automatic system confirms that report has been added to the backlog.

Hi @edwinbos I'm not able to reproduce following steps you described. see attachments

You have forgotten step 3 and step 4:

1. Clicked on link in the password reset mail
2. Entered password two times and submit form by clicking "reset password"

@edwinbos Can you confirm it on vanilla instance ?

I can confirm it's a vanilla Magento 2.2.6 instance.
Also with two real shops (on a test environment) the same problem.

@magento-engcom-team give me 2.2.6 instance

Hi @edwinbos. Thank you for your request. I'm working on Magento 2.2.6 instance for you

Hi @edwinbos, here is your Magento instance.
Admin access: https://i-18256-2-2-6.engcom.dev.magento.com/admin
Login: admin Password: 123123q
Instance will be terminated in up to 3 hours.

@edwinbos So can you reproduce this on vanilla instance ?

@engcom-backlog-nazar I was able to reproduce this issue on a clean Magento 2.2.6 instance.

@edwinbos But why i'm able to reset password on this instance ?

Found it. It doesn't work on PHP7.0.30 on my local instance, but it's working on PHP7.1.
Which version of PHP is this instance using?

@edwinbos Supported version 7.1 7.0 only for 2.1-*

Does that mean the DevDocs is not up-to-date?

https://devdocs.magento.com/guides/v2.2/install-gde/prereq/prereq-overview.html

https://devdocs.magento.com/guides/v2.2/install-gde/system-requirements-tech.html

@edwinbos I'm tested with php 7.0 and have no issue passwords reset correctly, maybe some problem in you environment ?

Can reproduce on a clean Magento 2.2.6 installed using composer.
Error happens both in PHP 7.0.32 as 7.1.22, I don't think the PHP version matters here.

The exception message which happens is: Warning: SessionHandler::destroy(): Session is not active in vendor/magento/framework/Session/SaveHandler.php on line 116

Stacktrace:

Magento\Customer\Controller\Account\ResetPasswordPost\Interceptor->execute (vendor/magento/module-customer/Controller/Account/ResetPasswordPost.php:103)
Magento\Customer\Controller\Account\ResetPasswordPost\Interceptor->execute (generated/code/Magento/Customer/Controller/Account/ResetPasswordPost/Interceptor.php:24)
Magento\Customer\Controller\Account\ResetPasswordPost\Interceptor->dispatch (vendor/magento/framework/App/Action/Action.php:107)
Magento\Customer\Controller\Account\ResetPasswordPost\Interceptor->___callParent (vendor/magento/framework/Interception/Interceptor.php:58)
Magento\Customer\Controller\Account\ResetPasswordPost\Interceptor->Magento\Framework\Interception\{closure} (vendor/magento/framework/Interception/Interceptor.php:138)
Magento\Customer\Controller\Account\ResetPasswordPost\Interceptor->___callPlugins (vendor/magento/framework/Interception/Interceptor.php:153)
Magento\Customer\Controller\Account\ResetPasswordPost\Interceptor->dispatch (generated/code/Magento/Customer/Controller/Account/ResetPasswordPost/Interceptor.php:39)
Magento\Framework\App\FrontController\Interceptor->dispatch (vendor/magento/framework/App/FrontController.php:55)
Magento\Framework\App\FrontController\Interceptor->___callParent (vendor/magento/framework/Interception/Interceptor.php:58)
Magento\Framework\App\FrontController\Interceptor->Magento\Framework\Interception\{closure} (vendor/magento/framework/Interception/Interceptor.php:138)
Magento\Store\App\FrontController\Plugin\RequestPreprocessor->aroundDispatch (vendor/magento/module-store/App/FrontController/Plugin/RequestPreprocessor.php:94)
Magento\Framework\App\FrontController\Interceptor->Magento\Framework\Interception\{closure} (vendor/magento/framework/Interception/Interceptor.php:135)
Magento\PageCache\Model\App\FrontController\BuiltinPlugin->aroundDispatch (vendor/magento/module-page-cache/Model/App/FrontController/BuiltinPlugin.php:73)
Magento\Framework\App\FrontController\Interceptor->Magento\Framework\Interception\{closure} (vendor/magento/framework/Interception/Interceptor.php:135)
Magento\Framework\App\FrontController\Interceptor->___callPlugins (vendor/magento/framework/Interception/Interceptor.php:153)
Magento\Framework\App\FrontController\Interceptor->dispatch (generated/code/Magento/Framework/App/FrontController/Interceptor.php:26)
Magento\Framework\App\Http\Interceptor->launch (vendor/magento/framework/App/Http.php:135)
Magento\Framework\App\Http\Interceptor->launch (generated/code/Magento/Framework/App/Http/Interceptor.php:24)
Magento\Framework\App\Bootstrap->run (vendor/magento/framework/App/Bootstrap.php:257)
{main} (pub/index.php:37)

Exact steps to reproduce:

1. Setup clean Magento 2.2.6 installation
2. Create a new account in the frontend
3. Logout
4. Go to the password reset page
5. Enter your email address and the captcha
6. Click on the link you've received
7. Enter a new password in the two fields
8. Getting error Something went wrong while saving the new password.

Hi @hostep Thank you for your explanation now i'm able to reproduce on composer version, but on 2.2-dev this works perfectly.

@engcom-backlog-nazar: ok, great!
Please in the future, always try to test with composer based installs, it's how the real world uses Magento, we don't clone from a git repo (well most of us, some actually do it like that).

I really hope this won't turn out to be caused by one of the CBE's again, because otherwise this is getting quite ridiculous...

@hostep, Ok thanks that be my mistake to not use composer version.

@engcom-backlog-nazar I have the same issue found on composer version cloud instance 2.2.6, I have submitted the internal ticket with the issue I found the issue missing customer id lines of code in the Controller "ResetPasswordPost.php" which may cause the issue, I fixed the temp solution override the core .

@hostep I'm disabled Amazon module, and have success result.

@engcom-backlog-nazar: I cannot confirm this, disabling all Amazon modules still triggers the problem over here.
As a next test, I've disabled all CBE's: Amazon_Core, Klarna_Core, Amazon_Login, Amazon_Payment, Klarna_Ordermanagement, Klarna_Kp, Dotdigitalgroup_Email, Temando_Shipping, Vertex_Tax.
But still the error can be reproduced, so it looks like the CBE's have nothing to do with this for once.

@salikahmed: can you share your solution? Or maybe even better, create a pull request with the fix if you believe it is correct? Thanks!

Some extra useful information from @webspeaks from https://github.com/magento/magento2/issues/18297:

This issue seems to occur only for new users who register after upgrading to 2.2.6.

(not verified if this is true)

A temporary fix is to modify the vendor\magento\module-customer\Model\AccountManagement.php.
Go to function resetPassword() and
Replace following lines (around line # 673):

        $this->sessionManager->destroy();
        $this->destroyCustomerSessions($customer->getId());

with following lines

        try {
            $this->sessionManager->destroy();
            $this->destroyCustomerSessions($customer->getId());
        } catch (\Exception $e) {}

Note: We have modified core file which is not recommended. But its a temporary fix and not a permanent solution.

@engcom-backlog-nazar Thank you for verifying the issue. Based on the provided information internal tickets MAGETWO-95341, MAGETWO-95342 were created

We are having the same issue, is there an ETA to when a fix may be ready?

On a side note, is this not something that is unit-tested on release? Feels like fairly basic testing has been missed to not notice a password can not be reset.

Mm18mx

@paco44 thank you for joining. Please accept team invitation here and self-assign the issue.

Hi @paco44. Thank you for working on this issue.
Looks like this issue is already verified and confirmed. But if your want to validate it one more time, please, go though the following instruction:

• [ ] 1. Add/Edit Component: XXXXX label(s) to the ticket, indicating the components it may be related to.

• [ ] 2. Verify that the issue is reproducible on 2.3-develop branch

  Details

  - Add the comment @magento-engcom-team give me 2.3-develop instance to deploy test instance on Magento infrastructure.
  - If the issue is reproducible on 2.3-develop branch, please, add the label Reproduced on 2.3.x.
  - If the issue is not reproducible, add your comment that issue is not reproducible and close the issue and _stop verification process here_!
  

• [ ] 3. Verify that the issue is reproducible on 2.2-develop branch.

  Details

  - Add the comment @magento-engcom-team give me 2.2-develop instance to deploy test instance on Magento infrastructure.
  - If the issue is reproducible on 2.2-develop branch, please add the label Reproduced on 2.2.x

• [ ] 4. If the issue is not relevant or is not reproducible any more, feel free to close it.

@magento-engcom-team give me 2.3-develop instance

Hi @paco44. Thank you for your request. I'm working on Magento 2.3-develop instance for you

Hi @paco44, here is your Magento instance.
Admin access: http://ec2-34-228-235-121.compute-1.amazonaws.com/i-18256-2-3-develop//admin
Login: admin Password: 123123q
Instance will be terminated in up to 3 hours.

Updating PHP version from 7.0 to 7.1 fixed the issue for me.

Hi @p-bystritsky. Thank you for working on this issue.
Looks like this issue is already verified and confirmed. But if your want to validate it one more time, please, go though the following instruction:

• [ ] 1. Add/Edit Component: XXXXX label(s) to the ticket, indicating the components it may be related to.

• [ ] 2. Verify that the issue is reproducible on 2.3-develop branch

  Details

  - Add the comment @magento-engcom-team give me 2.3-develop instance to deploy test instance on Magento infrastructure.
  - If the issue is reproducible on 2.3-develop branch, please, add the label Reproduced on 2.3.x.
  - If the issue is not reproducible, add your comment that issue is not reproducible and close the issue and _stop verification process here_!
  

• [ ] 3. Verify that the issue is reproducible on 2.2-develop branch.

  Details

  - Add the comment @magento-engcom-team give me 2.2-develop instance to deploy test instance on Magento infrastructure.
  - If the issue is reproducible on 2.2-develop branch, please add the label Reproduced on 2.2.x

• [ ] 4. If the issue is not relevant or is not reproducible any more, feel free to close it.

Hi @edwinbos. Thank you for your report.
The issue has been fixed in magento/magento2#19026 by @p-bystritsky in 2.3-develop branch
Related commit(s):

• bc8d3d5d0ead9779cb22d19201cd731719a79b0c

The fix will be available with the upcoming 2.3.1 release.

How can we override this class without modifying the core class?
I tried to override with di.xml but then I get an error while sending the reset email.

Hi @nuwaus,

I tried overriding the 'AccountManagement' Class and its working fine. Please make sure the private functions which are using 'resetPassword' function are also included in the extended class. In addtion to this if you are overriding the whole file then please make sure all class has namespace because in core 'AccountManagement' class excluded some class namespace which are in the same directory.

@tonycr7

So far I managed to fix it by removing the module-customer module from composer and adding a clone of it with changes again via composer, eg: module-customer-temp

That way I managed to get it working, but I'll try as you mentioned and write the outcome here, soon..

@nuwaus @tonycr7 the recommended way is to make a composer patch file to use with for example https://github.com/cweagans/composer-patches

Seems to also be fixed in 2.2-develop already, but not in 2.2.7

Seems to also be fixed in 2.2-develop already, but not in 2.2.7

Yes I can see this has been fixed in the 2.2-develop branch on 05/11/2018 ( https://github.com/magento/magento2/commit/7443dc3194040e9ce2f7baf902470deb975b97c6 )but it wasn't included in 2.2.7. @magento-engcom-team will this fix be included in 2.2.8 ?

Thank you !

included in 2.2.7. @magento-engcom-team will this fix be included in 2.2.8 ?

Yes as not all commits made it into the planned release (the bot who gives the info about the version is still not very accurate / correct).

@peterjaap @nuwaus @tonycr7 I created a patch for the fix: https://gist.githubusercontent.com/maartenatmarissen/b8e41e15f8a0597cf510a84be56b65c5/raw/cdf2be8cfcdf6b08c884d7b751b1c21e5a7078d7/AccountManagement.php.patch

Can be applied using https://github.com/cweagans/composer-patches :
"magento/module-customer": {
"18256": "https://gist.githubusercontent.com/maartenwolfsen/b8e41e15f8a0597cf510a84be56b65c5/raw/cdf2be8cfcdf6b08c884d7b751b1c21e5a7078d7/AccountManagement.php.patch"
}

Apparently you changed your username, so the gist is now at https://gist.githubusercontent.com/maartenwolfsen/b8e41e15f8a0597cf510a84be56b65c5/raw/cdf2be8cfcdf6b08c884d7b751b1c21e5a7078d7/AccountManagement.php.patch with more information at https://gist.github.com/maartenwolfsen/b8e41e15f8a0597cf510a84be56b65c5/ and composer-patch code

"magento/module-customer": {
    "18256": "https://gist.githubusercontent.com/maartenwolfsen/b8e41e15f8a0597cf510a84be56b65c5/raw/cdf2be8cfcdf6b08c884d7b751b1c21e5a7078d7/AccountManagement.php.patch"
}

@lewisje might be better to use https://github.com/magento/magento2/commit/bc8d3d5d0ead9779cb22d19201cd731719a79b0c.patch (use patch level 5 when using https://github.com/vaimo/composer-patches);

{
  "patches": {
    "magento/module-customer": {
      "Reset password throws error since 2.2.6.": {
        "link": "https://github.com/magento/magento2/issues/18256",
        "source": "https://github.com/magento/magento2/commit/bc8d3d5d0ead9779cb22d19201cd731719a79b0c.patch",
        "level": 5,
        "depends": {
          "magento/product-community-edition": ">=2.2.6 <2.3.1"
        }
      }
    }
  }
}

Apparently you changed your username, so the gist is now at https://gist.githubusercontent.com/maartenwolfsen/b8e41e15f8a0597cf510a84be56b65c5/raw/cdf2be8cfcdf6b08c884d7b751b1c21e5a7078d7/AccountManagement.php.patch with more information at https://gist.github.com/maartenwolfsen/b8e41e15f8a0597cf510a84be56b65c5/ and composer-patch code

"magento/module-customer": {
    "18256": "https://gist.githubusercontent.com/maartenwolfsen/b8e41e15f8a0597cf510a84be56b65c5/raw/cdf2be8cfcdf6b08c884d7b751b1c21e5a7078d7/AccountManagement.php.patch"
}

Thank you for noticing, I´ve also changes the link